Wednesday’s release of OS X Lion has brought a number of changes to the OS. According to a new report, however, Apple has made a number of “under the hood” changes, and has improved security in OS X Lion to state-of-the-art levels, with much greater resistance to malware and various security concerns.
Further, according to some researchers, Mac OS X Lion may very well have just become the king of the hill as far as security is concerned. In fact, Lion may be the most secure consumer operating system ever released, due to a plethora of security enhancements that from clever sandboxing to a complete redesign of FileVault.
This is a pleasant change from 2009′ release of Snow Leopard, which offered only incremental security enhancements. According to researchers cited within the report (who have been studying Lion for months), OS X Lion represents a major security overhaul for the platform.
The most important security change, according to the report, is full ASLR (address space layout randomization), which makes it much more difficult for attackers to exploit the platform by routinely changing the memory location where critical system components are loaded. The report also mentions that, while ASLR was present within Leopard, its implementation was extremely inadequate. Lion’s ASLR has been augmented, so that even if hackers clear that hurdle, they’ll still have to bypass other new protections.
Further security enhancements include secure sandboxing that limits the ways that applications can interact with the operating system, as well as a form of full disk encryption that doesn’t encumber other features of the OS. Below is notable quote within the report from Dino Dai Zovi, principal of security consultancy Trail of Bits and the coauthor of The Mac Hacker’s Handbook:
…It [Lion’s security] is a significant improvement, and the best way that I’ve described the level of security in Lion is that it’s Windows 7, plus, plus…I generally tell Mac users that if they care about security, they should upgrade to Lion sooner rather than later, and the same goes for Windows users, too.
Personally, I’m extremely excited to read that Apple has upped their security game so dramatically, although its still important to be cautious, because no matter how secure a platform seems to be, a sufficiently dedicated attacker can usually still find a way to cause problems.
The report goes into a considerable greater amount of detail than I have reflected here, but the short version of the story is that it appears as though users of Mac OS X Lion now now rest just a bit easier. Click here to read the full report.